Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Hard_Configurator Tools
Hard_Configurator - Windows Hardening Configurator
Message
<blockquote data-quote="Andy Ful" data-source="post: 908494" data-attributes="member: 32260"><p><strong>How to use PowerShell scripts in the H_C Recommended Settings.</strong></p><p></p><p>Windows system and Hard_Configurator use the below restrictions on PowerShell Scripting:</p><ol> <li data-xf-list-type="ol">PowerShell ExecutionPolicy is set to Restricted (default Windows setting)</li> <li data-xf-list-type="ol">PowerShell Constrained Language Mode is applied by SRP.</li> <li data-xf-list-type="ol">The script blocking policy is applied via the H_C setting <Block PowerShell Scripts> = ON.</li> </ol><p>Point 3 prevents the user from running manually PowerShell script files from Explorer or desktop (like point 1), but additionally disables running such files via command-line with script interpreters (powershell.exe and powershell_ise.exe).</p><p>Points 3 and 1 do not block PowerShell command-lines that do not use script files. Such command-lines are often used in shortcuts and when PowerShell is invoked in non-PowerShell scripts (via Windows Script Host or CMD).</p><p></p><p>Point 2 allows running PowerShell code, but advanced functions are disabled. These functions are commonly used by malware.</p><p></p><p>So, what can be done if the user wants to use PowerShell scripting?</p><p>The first thing should be removing the PowerShell Execution policy (point 1) and replace it by adding PowerShell script extensions to SRP.</p><p></p><p>[ATTACH=full]247204[/ATTACH]</p><p></p><p>[ATTACH=full]247194[/ATTACH]</p><p></p><p>Next, we must remove the script blocking policy by setting <Block PowerShell Scripts> = OFF.</p><p></p><p>[ATTACH=full]247195[/ATTACH]</p><p></p><p>Finally, we should whitelist all PowerShell scripts we want to use.</p><p></p><p>Now we have a good PowerShell protection which allows running our scripts.</p><p>One can also use the <Block PowerShell Scripts> = OFF setting temporarily (to run own scripts) and set it to ON after that.</p></blockquote><p></p>
[QUOTE="Andy Ful, post: 908494, member: 32260"] [B]How to use PowerShell scripts in the H_C Recommended Settings.[/B] Windows system and Hard_Configurator use the below restrictions on PowerShell Scripting: [LIST=1] [*]PowerShell ExecutionPolicy is set to Restricted (default Windows setting) [*]PowerShell Constrained Language Mode is applied by SRP. [*]The script blocking policy is applied via the H_C setting <Block PowerShell Scripts> = ON. [/LIST] Point 3 prevents the user from running manually PowerShell script files from Explorer or desktop (like point 1), but additionally disables running such files via command-line with script interpreters (powershell.exe and powershell_ise.exe). Points 3 and 1 do not block PowerShell command-lines that do not use script files. Such command-lines are often used in shortcuts and when PowerShell is invoked in non-PowerShell scripts (via Windows Script Host or CMD). Point 2 allows running PowerShell code, but advanced functions are disabled. These functions are commonly used by malware. So, what can be done if the user wants to use PowerShell scripting? The first thing should be removing the PowerShell Execution policy (point 1) and replace it by adding PowerShell script extensions to SRP. [ATTACH type="full" alt="1602360174209.png"]247204[/ATTACH] [ATTACH type="full" alt="1602328243498.png"]247194[/ATTACH] Next, we must remove the script blocking policy by setting <Block PowerShell Scripts> = OFF. [ATTACH type="full" alt="1602328434839.png"]247195[/ATTACH] Finally, we should whitelist all PowerShell scripts we want to use. Now we have a good PowerShell protection which allows running our scripts. One can also use the <Block PowerShell Scripts> = OFF setting temporarily (to run own scripts) and set it to ON after that. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
